From: Yeoreum Yun
To: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Cc: paul@paul-moore.com, zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, noodles@earth.li, jarkko@kernel.org, sudeep.holla@kernel.org, jmorris@namei.org, serge@hallyn.com, dmitry.kasatkin@gmail.com, eric.snowberg@oracle.com, jgg@ziepe.ca, Yeoreum Yun
Subject: [PATCH v6 1/4] security: lsm: allow LSMs to register for late_initcall_sync init
Date: Fri, 5 Jun 2026 15:43:22 +0100
Message-Id: <20260605144325.434436-2-yeoreum.yun@arm.com>
In-Reply-To: <20260605144325.434436-1-yeoreum.yun@arm.com>
References: <20260605144325.434436-1-yeoreum.yun@arm.com>

There are situations where LSMs have dependencies that might mean they want to be initialised later in the boot process, to ensure those dependencies are available. In particular there are some TPM setups (Arm FF-A devices, SPI attached TPMs) required by IMA which are not guaranteed to be initialised for regular initcall_late.

Add an initcall_late_sync option that can be used in these situations.

Signed-off-by: Yeoreum Yun
---
 include/linux/lsm_hooks.h | 2 ++
 security/lsm_init.c | 13 +++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index b4f8cad53ddb..c4488c4a6d8a 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -167,6 +167,7 @@ enum lsm_order { * @initcall_fs: LSM callback for fs_initcall setup, optional * @initcall_device: LSM callback for device_initcall() setup, optional * @initcall_late: LSM callback for late_initcall() setup, optional + * @initcall_late_sync: LSM callback for late_initcall_sync() setup, optio= nal */ struct lsm_info { const struct lsm_id *id; @@ -182,6 +183,7 @@ struct lsm_info { int (*initcall_fs)(void); int (*initcall_device)(void); int (*initcall_late)(void); + int (*initcall_late_sync)(void); }; =20 #define DEFINE_LSM(lsm) \ diff --git a/security/lsm_init.c b/security/lsm_init.c index 7c0fd17f1601..a1ad641811de 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c 
@@ -556,13 +556,22 @@ device_initcall(security_initcall_device); * security_initcall_late - Run the LSM late initcalls */ static int __init security_initcall_late(void) +{ + return lsm_initcall(late); +} +late_initcall(security_initcall_late); + +/** + * security_initcall_late_sync - Run the LSM late initcalls sync + */ +static int __init security_initcall_late_sync(void) { int rc; =20 - rc =3D lsm_initcall(late); + rc =3D lsm_initcall(late_sync); lsm_pr_dbg("all enabled LSMs fully activated\n"); call_blocking_lsm_notifier(LSM_STARTED_ALL, NULL); =20 return rc; } -late_initcall(security_initcall_late); +late_initcall_sync(security_initcall_late_sync);
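Review bot: the lsm_init.c hunk moves the "all enabled LSMs fully activated" message and the LSM_STARTED_ALL notifier call from late_initcall to late_initcall_sync for every build, but the commit message only says an option is added; please state that LSM_STARTED_ALL now fires one initcall level later, since a notifier user that relied on the old timing is affected even when no LSM uses the new callback. Also, as in the code being replaced, `rc` from `lsm_initcall(late_sync)` is ignored before the "fully activated" message and the notifier run, so a failed late_sync callback is still announced as full activation; consider checking `rc` before the lsm_pr_dbg() or reflecting the failure in the message.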
From: Yeoreum Yun
To: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Cc: paul@paul-moore.com, zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, noodles@earth.li, jarkko@kernel.org, sudeep.holla@kernel.org, jmorris@namei.org, serge@hallyn.com, dmitry.kasatkin@gmail.com, eric.snowberg@oracle.com, jgg@ziepe.ca, Yeoreum Yun
Subject: [PATCH v6 2/4] security: ima: introduce IMA_INIT_LATE_SYNC option
Date: Fri, 5 Jun 2026 15:43:23 +0100
Message-Id: <20260605144325.434436-3-yeoreum.yun@arm.com>
In-Reply-To: <20260605144325.434436-1-yeoreum.yun@arm.com>
References: <20260605144325.434436-1-yeoreum.yun@arm.com>

To generate the boot_aggregate log in the IMA subsystem with TPM PCR values, the TPM driver must be built as built-in and must be probed before the IMA subsystem is initialized.

However, when the TPM device operates over the FF-A protocol using the CRB interface, probing fails and returns -EPROBE_DEFER if the tpm_crb_ffa device — an FF-A device that provides the communication interface to the tpm_crb driver — has not yet been probed.

To ensure the TPM device operating over the FF-A protocol with the CRB interface is probed before IMA initialization, the following conditions must be met:

1. The corresponding ffa_device must be registered, which is done via ffa_init().
2. The tpm_crb_driver must successfully probe this device via tpm_crb_ffa_init().
3. The tpm_crb driver using CRB over FF-A can then be probed successfully. (See crb_acpi_add() and tpm_crb_ffa_init() for reference.)

Unfortunately, ffa_init(), tpm_crb_ffa_init(), and crb_acpi_driver_init() are all registered with device_initcall, which means crb_acpi_driver_init() may be invoked before ffa_init() and tpm_crb_ffa_init() are completed. When this occurs, probing the TPM device is deferred. However, the deferred probe can happen after the IMA subsystem has already been initialized, since IMA initialization is performed during late_initcall, and deferred_probe_initcall() is performed at the same level.

A similar situation is reported for TPM devices attached to an SPI bus [0].

To resolve this, introduce the IMA_INIT_LATE_SYNC option to initialise IMA at late_initcall_sync so that IMA is initialized after the deferred TPM device probe.

When this option is enabled, modules that access files in the initramfs through usermode helper calls such as request_module() during initcall must not be built-in. Otherwise, IMA may miss measuring those files [1].

Link: https://lore.kernel.org/all/aYXEepLhUouN5f99@earth.li/ [0]
Link: https://lore.kernel.org/all/2b3782398cc17ce9d355490a0c42ebce9120a9ae.camel@linux.ibm.com/ [1]
Suggested-by: Mimi Zohar
Reviewed-by: Mimi Zohar
Signed-off-by: Yeoreum Yun
---
 security/integrity/ima/Kconfig | 10 ++++++++++
 security/integrity/ima/ima_main.c | 4 ++++
 2 files changed, 14 insertions(+)

diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 862fbee2b174..75f71401fba3 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -332,4 +332,14 @@ config IMA_KEXEC_EXTRA_MEMORY_KB If set to the default value of 0, an extra half page of memory for those additional measurements will be allocated. =20 +config IMA_INIT_LATE_SYNC + bool "Initialise IMA at late_initcall_sync" + default n + help + This option initialises IMA at late_initcall_sync for platforms + where TPM device probing is deferred. + When this option is enabled, modules that access files in the + initramfs through usermode helper calls such as request_module() + during initcall must not be built-in. Otherwise, IMA may miss + file measurements for them. endif diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima= _main.c index 5cea53fc36df..1cfae4b83dc5 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -1337,5 +1337,9 @@ DEFINE_LSM(ima) =3D { .order =3D LSM_ORDER_LAST, .blobs =3D &ima_blob_sizes, /* Start IMA after the TPM is available */ +#ifndef CONFIG_IMA_INIT_LATE_SYNC .initcall_late =3D init_ima, +#else + .initcall_late_sync =3D init_ima, +#endif };
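Review bot: `default n` in the Kconfig hunk is redundant for a bool symbol and is normally omitted; the help text would also serve users better if it named the setups it is meant for (the Arm FF-A CRB and SPI-attached TPMs cited in the commit message), since "platforms where TPM device probing is deferred" gives no way to tell whether one's own platform is affected.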
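Review bot: the ima_main.c hunk uses a negated `#ifndef CONFIG_IMA_INIT_LATE_SYNC` and puts the new case in the `#else` branch; the positive form (`#ifdef CONFIG_IMA_INIT_LATE_SYNC` selecting `.initcall_late_sync = init_ima,` with the `#else` branch keeping `.initcall_late = init_ima,`) reads more naturally, and the "Start IMA after the TPM is available" comment then sits above both alternatives rather than only the default one.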
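The ordering argument in the description above, as an added toy model that is not part of the series and not kernel code: initcall levels run in order, a probe whose dependency is missing is deferred and retried by deferred_probe_initcall() at the late level, and init_ima runs at either late or late_sync. Function names follow the description; the order inside the late level (init_ima before the deferred-probe retry, a built-in late initcall touching a file after it) and the file path are assumptions chosen to reproduce the failure and the Kconfig caveat.

```python
# Toy model of the boot ordering in the IMA_INIT_LATE_SYNC patch description.
# Added illustration, not kernel code; in-level ordering is an assumption.
from collections import defaultdict

LEVELS = ("device", "late", "late_sync")   # initcall levels, in run order
EPROBE_DEFER = "EPROBE_DEFER"              # stands in for -EPROBE_DEFER
class Boot:
    def __init__(self):
        self.initcalls = defaultdict(list)   # level -> [initcall fn]
        self.probed = set()                  # devices/drivers that came up
        self.deferred = []                   # probes waiting for a retry
        self.ima_active = False              # set once init_ima has run
        self.ima_has_tpm = None              # what init_ima observed
        self.measured, self.missed = [], []  # files IMA did / did not see

    def register(self, level, fn):
        self.initcalls[level].append(fn)

    def run(self):
        for level in LEVELS:
            for fn in self.initcalls[level]:
                if fn(self) == EPROBE_DEFER:
                    self.deferred.append(fn)

    def access_file(self, path):
        # A file read via a usermode helper is measured only if IMA is up.
        (self.measured if self.ima_active else self.missed).append(path)

# The three device_initcall()s the description names, in dependency order.
def ffa_init(boot):
    boot.probed.add("ffa_device")

def tpm_crb_ffa_init(boot):
    if "ffa_device" not in boot.probed:
        return EPROBE_DEFER
    boot.probed.add("tpm_crb_ffa")

def crb_acpi_driver_init(boot):
    if "tpm_crb_ffa" not in boot.probed:
        return EPROBE_DEFER              # tpm_crb's probe gets deferred
    boot.probed.add("tpm_crb")

def deferred_probe_initcall(boot):
    # late_initcall: retry deferred probes until none makes progress.
    progress = True
    while progress and boot.deferred:
        progress = False
        for fn in list(boot.deferred):
            if fn(boot) != EPROBE_DEFER:
                boot.deferred.remove(fn)
                progress = True

def init_ima(boot):
    boot.ima_has_tpm = "tpm_crb" in boot.probed   # False -> "TPM-bypass"
    boot.ima_active = True

def builtin_late_module_init(boot):
    # A built-in module reading initramfs content from a late initcall.
    boot.access_file("/lib/firmware/constructed-example.bin")

DEVICE_INITCALLS = {f.__name__: f for f in
                    (ffa_init, tpm_crb_ffa_init, crb_acpi_driver_init)}
FAILING_ORDER = ("crb_acpi_driver_init", "ffa_init", "tpm_crb_ffa_init")
WORKING_ORDER = ("ffa_init", "tpm_crb_ffa_init", "crb_acpi_driver_init")
def simulate(device_order, ima_level):
    # Returns (did init_ima find the TPM?, files IMA never measured).
    boot = Boot()
    for name in device_order:
        boot.register("device", DEVICE_INITCALLS[name])
    boot.register(ima_level, init_ima)          # "late" or "late_sync"
    boot.register("late", deferred_probe_initcall)
    boot.register("late", builtin_late_module_init)
    boot.run()
    return boot.ima_has_tpm, list(boot.missed)
```

simulate(FAILING_ORDER, "late") reports no TPM, while simulate(FAILING_ORDER, "late_sync") finds it but misses the file the built-in late initcall touched, which is the trade-off the Kconfig help text warns about.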
From: Yeoreum Yun
To: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Cc: paul@paul-moore.com, zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, noodles@earth.li, jarkko@kernel.org, sudeep.holla@kernel.org, jmorris@namei.org, serge@hallyn.com, dmitry.kasatkin@gmail.com, eric.snowberg@oracle.com, jgg@ziepe.ca, Jonathan McDowell, Yeoreum Yun
Subject: [PATCH v6 3/4] security: ima: rename boot_aggregate when ima is initialised at late_sync
Date: Fri, 5 Jun 2026 15:43:24 +0100
Message-Id: <20260605144325.434436-4-yeoreum.yun@arm.com>
In-Reply-To: <20260605144325.434436-1-yeoreum.yun@arm.com>
References: <20260605144325.434436-1-yeoreum.yun@arm.com>

From: Jonathan McDowell

The Linux IMA (Integrity Measurement Architecture) subsystem, used for secure boot, file integrity, or remote attestation, cannot be a loadable module for a few reasons listed below:

o Boot-Time Integrity: IMA's main role is to measure and appraise files before they are used. This includes measuring critical system files during early boot (e.g., init, init scripts, login binaries). If IMA were a module, it would be loaded too late to cover those.

o TPM Dependency: IMA integrates tightly with the TPM to record measurements into PCRs. The TPM must be initialized early (ideally before init_ima()), which aligns with IMA being built-in.

o Security Model: IMA is part of a Trusted Computing Base (TCB). Making it a module would weaken the security model, as a potentially compromised system could delay or tamper with its initialization.

IMA must be built-in to ensure it starts measuring from the earliest possible point in boot, which in turn implies the TPM must be initialised and ready to use before IMA. Unfortunately some TPM drivers (such as Arm FF-A, or SPI attached TPM devices) are not reliably available during the initcall_late stage, resulting in a log error:

  ima: No TPM chip found, activating TPM-bypass!

To address this issue, IMA_INIT_LATE_SYNC is introduced. However, a remote attestation service cannot determine when IMA has been initialized because the boot_aggregate measurement name remains unchanged, even though IMA is initialized later at late_initcall_sync when IMA_INIT_LATE_SYNC is enabled.

Therefore, use a distinct boot_aggregate name when IMA_INIT_LATE_SYNC is enabled, allowing the remote attestation service to identify when IMA has been initialized.

Signed-off-by: Jonathan McDowell
[yeoreum.yun@arm.com: modified to align with the IMA_INIT_LATE_SYNC change]
Signed-off-by: Yeoreum Yun --- security/integrity/ima/ima.h | 1 + security/integrity/ima/ima_init.c | 15 +++++++++++---- security/integrity/ima/ima_template_lib.c | 3 ++- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 69e9bf0b82c6..194b195cec1e 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -66,6 +66,7 @@ extern struct ima_algo_desc *ima_algo_array __ro_after_in= it; extern int ima_appraise; extern struct tpm_chip *ima_tpm_chip; extern const char boot_aggregate_name[]; +extern const char boot_aggregate_late_name[]; =20 /* IMA event related data */ struct ima_event_data { diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima= _init.c index a2f34f2d8ad7..4c24bd535466 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -22,6 +22,7 @@ =20 /* name for boot aggregate entry */ const char boot_aggregate_name[] =3D "boot_aggregate"; +const char boot_aggregate_late_name[] =3D "boot_aggregate_late"; struct tpm_chip *ima_tpm_chip; =20 /* Add the boot aggregate to the IMA measurement list and extend @@ -45,11 +46,11 @@ static int __init ima_add_boot_aggregate(void) const char *audit_cause =3D "ENOMEM"; struct ima_template_entry *entry; struct ima_iint_cache tmp_iint, *iint =3D &tmp_iint; - struct ima_event_data event_data =3D { .iint =3D iint, - .filename =3D boot_aggregate_name }; + struct ima_event_data event_data =3D { .iint =3D iint }; struct ima_max_digest_data hash; struct ima_digest_data *hash_hdr =3D container_of(&hash.hdr, struct ima_digest_data, hdr); + const char *filename; int result =3D -ENOMEM; int violation =3D 0; =20 
@@ -59,6 +60,12 @@ static int __init ima_add_boot_aggregate(void) iint->ima_hash->algo =3D ima_hash_algo; iint->ima_hash->length =3D hash_digest_size[ima_hash_algo]; =20 + if (IS_ENABLED(CONFIG_IMA_INIT_LATE_SYNC)) + filename =3D boot_aggregate_late_name; + else + filename =3D boot_aggregate_name; + event_data.filename =3D filename; + /* * With TPM 2.0 hash agility, TPM chips could support multiple TPM * PCR banks, allowing firmware to configure and enable different @@ -86,7 +93,7 @@ static int __init ima_add_boot_aggregate(void) } =20 result =3D ima_store_template(entry, violation, NULL, - boot_aggregate_name, + filename, CONFIG_IMA_MEASURE_PCR_IDX); if (result < 0) { ima_free_template_entry(entry); @@ -95,7 +102,7 @@ static int __init ima_add_boot_aggregate(void) } return 0; err_out: - integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op, + integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, filename, op, audit_cause, result, 0); return result; } diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity= /ima/ima_template_lib.c index 0e627eac9c33..8a89236f926c 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c 
@@ -363,7 +363,8 @@ int ima_eventdigest_init(struct ima_event_data *event_d= ata, goto out; } =20 - if ((const char *)event_data->filename =3D=3D boot_aggregate_name) { + if ((const char *)event_data->filename =3D=3D boot_aggregate_name || + (const char *)event_data->filename =3D=3D boot_aggregate_late_name) { if (ima_tpm_chip) { hash.hdr.algo =3D HASH_ALGO_SHA1; result =3D ima_calc_boot_aggregate(hash_hdr);
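Review bot: in the ima_add_boot_aggregate() hunks `filename` is declared uninitialised and only assigned after the ima_hash setup, while the `err_out:` label now passes it to integrity_audit_msg(); nothing in the visible lines jumps to err_out before the assignment, but any future early `goto err_out` would audit an uninitialised pointer. Initialising it at declaration, e.g. `const char *filename = IS_ENABLED(CONFIG_IMA_INIT_LATE_SYNC) ? boot_aggregate_late_name : boot_aggregate_name;`, removes that hazard and lets `.filename = filename` stay inside the event_data initializer as it was.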
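Review bot: the ima_template_lib.c hunk compares the filename pointer against both `boot_aggregate_name` and `boot_aggregate_late_name`, yet the IS_ENABLED() selection in ima_init.c means only one of them can occur in a given build; a single pointer chosen once in ima_init.c (an `ima_boot_aggregate_name` or similar) would keep this test and the ima.h externs to one symbol. Separately, the entry name is consumed by remote verifiers, so the commit message or the IMA documentation should say that attestation tooling which matches on "boot_aggregate" must also accept "boot_aggregate_late".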
From: Yeoreum Yun
To: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Cc: paul@paul-moore.com, zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, noodles@earth.li, jarkko@kernel.org, sudeep.holla@kernel.org, jmorris@namei.org, serge@hallyn.com, dmitry.kasatkin@gmail.com, eric.snowberg@oracle.com, jgg@ziepe.ca, Yeoreum Yun
Subject: [PATCH v6 4/4] tpm: tpm_crb_ffa: revert deferred_probed when tpm_crb_ffa is built-in
Date: Fri, 5 Jun 2026 15:43:25 +0100
Message-Id: <20260605144325.434436-5-yeoreum.yun@arm.com>
In-Reply-To: <20260605144325.434436-1-yeoreum.yun@arm.com>
References: <20260605144325.434436-1-yeoreum.yun@arm.com>

commit 746d9e9f62a6 ("tpm: tpm_crb_ffa: try to probe tpm_crb_ffa when it's built-in") probes tpm_crb_ffa forcefully when it's built-in to integrate with IMA.

However, IMA now provides the IMA_INIT_LATE_SYNC build option, which initialises IMA at the late_initcall_sync level, so this change is no longer required.

Signed-off-by: Yeoreum Yun
Signed-off-by: Jarkko Sakkinen
---
 drivers/char/tpm/tpm_crb_ffa.c | 18 +++---------------
 1 file changed, 3 insertions(+), 15 deletions(-)

diff --git a/drivers/char/tpm/tpm_crb_ffa.c b/drivers/char/tpm/tpm_crb_ffa.c
index 99f1c1e5644b..025c4d4b17ca 100644
--- a/drivers/char/tpm/tpm_crb_ffa.c
+++ b/drivers/char/tpm/tpm_crb_ffa.c
@@ -177,23 +177,13 @@ static int tpm_crb_ffa_to_linux_errno(int errno) */ int tpm_crb_ffa_init(void) { - int ret =3D 0; - - if (!IS_MODULE(CONFIG_TCG_ARM_CRB_FFA)) { - ret =3D ffa_register(&tpm_crb_ffa_driver); - if (ret) { - tpm_crb_ffa =3D ERR_PTR(-ENODEV); - return ret; - } - } - if (!tpm_crb_ffa) - ret =3D -ENOENT; + return -ENOENT; =20 if (IS_ERR_VALUE(tpm_crb_ffa)) - ret =3D -ENODEV; + return -ENODEV; =20 - return ret; + return 0; } EXPORT_SYMBOL_GPL(tpm_crb_ffa_init); =20 @@ -405,9 +395,7 @@ static struct ffa_driver tpm_crb_ffa_driver =3D { .id_table =3D tpm_crb_ffa_device_id, }; =20 -#ifdef MODULE module_ffa_driver(tpm_crb_ffa_driver); -#endif =20 MODULE_AUTHOR("Arm"); MODULE_DESCRIPTION("TPM CRB FFA driver");
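Review bot: the tpm_crb_ffa_init() hunk drops the only `tpm_crb_ffa = ERR_PTR(-ENODEV)` store visible in this function together with the ffa_register() call, so please confirm that another path (the probe routine, presumably) still sets an error pointer; otherwise `if (IS_ERR_VALUE(tpm_crb_ffa)) return -ENODEV;` is unreachable and the function reduces to `return tpm_crb_ffa ? 0 : -ENOENT;`. The commit message should also say that a built-in caller now receives -ENOENT until the FF-A device has probed and is expected to defer, which is the ordering that patch 2/4 relies on.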
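Review bot: removing the `#ifdef MODULE` guard means the built-in driver is now registered by module_ffa_driver() at that macro's initcall level instead of from tpm_crb_ffa_init(); since the subject calls this a revert, state whether the result matches the pre-746d9e9f62a6 code and, if it does, use the "This reverts commit ..." wording so the relationship is visible to tooling.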